Ransom Trojans Spreading Beyond Russian Heartland

Ransom malware has moved out of its traditional Russian market and is starting to become a measurable problem in countries such as the US and Germany, figures from Trend Micro have confirmed.

As reported by Trend's Smart Protection Network cloud, the US headed the list with just over 2,000 infections, ahead of Germany on 1,203, and Hungary on 561. Other countries reporting in the hundreds include France, Russia, Australia, Italy and Taiwan.

This volume of infections isn't large by comparison with other types of malware but ransomware doesn't set out to hit large number of people at any one time. The modus operandi is to attack smaller numbers using below-the-radar campaigns, extracting relatively large amounts from each victim.

The extent of ransomware's success can only be gauged by the growing volume of attacks, which implies a worthwhile success rate.

Ransomware is really the ultimate form of social engineering malware in that people are invited to agree to defraud themselves. The trick is to get people to believe there is no alternative to agreeing to their malware's terms.

Closer to home, a ransom Trojan affecting UK users impersonated the Metropolitan Police in order to persuade users that porn had been detected on their computers, requiring a payment to be made. Versions of this scam have appeared in almost every European country.

Trend comes up with two explanations for the form's growing popularity among criminals, the biggest of which is the recent disruption of the industry behind fake antivirus scams. This has sent developers to new types of attack that can make use of payment channels less dependant on credit cards, which create an evidence trail.

"Ukash and Paysafecard are widely used online payment methods that do not require personal details. Such level of anonymity has naturally earned the attention of cybercriminals and, as we can see, is now being abused for the ransomware business," said Trend threat engineer, Roland Dela Paz.